Burp Suite Pro v1.4.03 released - CSRF generator, SSL strip Added
The Hacker News

There is a new CSRF generator, which produces proof-of-concept HTML for generating virtually any HTTP request. You can access this feature by right-clicking any item within Burp, and using the engagement tools context menu to select "generate CSRF PoC".
Some useful features are:
  • Support for all form encoding types: standard URL encoding, multipart encoding, and plain text encoding.
  • Auto-detection of the optimal encoding type, with manual override.
  • Ability to edit both the request and response in-place, to fine tune attacks.
  • In-browser testing, by pasting a URL into your browser that will cause Burp Proxy to serve up the CSRF PoC in its response.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.